On May 27, the National Information Security Standardization Technical Committee ("NISSTC") has issued the Information Security Technology — Requirements of Privacy Policy of Internet Platforms, Products and Services (Draft for Comment) (the "Draft for Comment") for public comments by July 25, 2022.

The Draft for Comment stipulates the preparation procedures, specific content, and release form of the privacy policy of internet platforms, products and services, to make the privacy policy more readable and transparent, as well as the handling of disputes related to the privacy policy. This standard applies to the situation of regulating the process of formulating and publishing the privacy policy by personal information processors, and to the supervision, management and evaluation of the privacy policy by competent regulatory authorities and third-party evaluation agencies. Among them, the Draft for Comment proposes that the privacy policy should at least include the scope of application, summary, rules for collection and use of personal information, rules for ensuring the security of personal information, rules for protecting the rights of personal information subjects, rules for cross-border transfer of personal information, and rules for updating privacy policy, among others, and that the contact details of the personal information processors should be provided.

(Source: China National Information Security Standardization Technical Committee)